Managing secure sharing of private information across security domains
Abstract
Systems and methods for sharing information across at least two organizations are described. A physical node may receive a request for authorization for a user in an organization to access an individual's information in another organization. The request may be logged. The physical node may determine whether the user is authorized to access the individual's information and, if so, provide appropriate access.
77 Claims
1. A method of sharing information among at least a first organization and a second organization, the method comprising:
(a) receiving by one or more physical nodes a first request for authorization for a user in the first organization to access one or more individual's information in the second organization, wherein the first organization is associated with a first security domain, the second organization is associated with a second security domain, the second organization has an access profile associated with the first security domain, the user is associated with one or more roles and one or more caseloads, each of the one or more individual's information in the second organization has at least one type, the one or more roles includes access privilege information for one or more users, and the one or more caseloads includes access privilege information for at least one individual or medical services program;
(b) logging by the one or more physical nodes, in an activity log associated with at least the first organization or the second organization, the user's first request for authorization for the user in the first organization to access the individual's information in the second organization;
(c) determining by the one or more physical nodes whether the user in the first organization is authorized to access the one or more individual's information in the second organization, wherein the determination is based on at least the access profile, the one or more caseloads and the one or more roles associated with the user, and the type of the one or more individual's information in the second organization;
(d) responsive to determining that the user in the first organization is authorized to access the one or more individual's information in the second organization;
(d)(i) transferring by the one or more physical nodes the one or more individual's information in the second organization to the user in the first organization;
(d)(ii) logging by the one or more physical nodes, in the activity log, the transferring of the one or more individual's information in the second organization to the user in the first organization.
View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
28. A non-transitory computer-readable storage media having computer executable code stored thereon, the code for sharing information among at least a first organization and a second organization, the code, when executed:
(a) receives a first request for authorization for a user in the first organization to access one or more individual's information in the second organization, wherein the first organization is associated with a first security domain, the second organization is associated with a second security domain, the second organization has an access profile associated with the first security domain, the user is associated with one or more roles and one or more caseloads, each of the one or more individual's information in the second organization has at least one type, the one or more roles includes access privilege information for one or more users, and the one or more caseloads includes access privilege information for at least one individual or medical services program;
(b) logs, in an activity log associated with at least the first organization or the second organization, the user's first request for authorization for the user in the first organization to access the individual's information in the second organization;
(c) determines whether the user in the first organization is authorized to access the one or more individual's information in the second organization, wherein the determination is based on at least the access profile, the one or more caseloads and the one or more roles associated with the user; and the type of the one or more individual's information in the second organization;
(d) responsive to determining that the user in the first organization is authorized to access the one or more individual's information in the second organization;
(d)(i) transfers the one or more individual's information in the second organization to the user in the first organization;
(d)(ii) logs, in the activity log, the transferring of the one or more individual's information in the second organization to the user in the first organization.
View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49)
50. A system accessible by a user, wherein when the user accesses the system, the system:
(a) receives a first request for authorization for a user in the first organization to access one or more individual's information in the second organization, wherein the first organization is associated with a first security domain, the second organization is associated with a second security domain, the second organization has an access profile associated with the first security domain, the user is associated with one or more roles and one or more caseloads, each of the one or more individual's information in the second organization has at least one type, the one or more roles includes access privilege information for one or more users, and the one or more caseloads includes access privilege information for at least one individual or medical services program;
(b) logs, in an activity log of a physical node, said activity log associated with at least the first organization or the second organization, the user's first request for authorization for the user in the first organization to access the individual's information in the second organization;
(c) determines whether the user in the first organization is authorized to access the one or more individual's information in the second organization, wherein the determination is based on at least the access profile, the one or more caseloads and the one or more roles associated with the user, and the type of the one or more individual's information in the second organization;
(d) responsive to determining that the user in the first organization is authorized to access the one or more individual's information in the second organization;
(d)(i) transfers the one or more individual's information in the second organization to the user in the first organization;
(d)(ii) logs, in the activity log of said physical node, the transferring of the one or more individual's information in the second organization to the user in the first organization.
View Dependent Claims (51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 70, 71, 72, 73)
69. The system of 50, wherein the user is a health care professional associated with the first organization.
74. A method of sharing information among at least a first organization and a second organization, the method comprising:
(a) receiving by one or more physical nodes a first request for authorization for a user in the first organization to access one or more individual's information in the second organization, wherein the first request for authorization includes one or more of the one or more individual's name, social security number, state identification number, birth date, home address, and medicaid number, the first organization is associated with a first security domain, the second organization is associated with a second security domain, the second organization has an access profile associated with the first security domain, the user in the first organization is associated with one or more roles and one or more caseloads, and the one or more individual's information in the second organization has at least one type, the one or more roles includes access privilege information for one or more users, and the one or more caseloads includes access privilege information for at least one individual or medical services program;
(b) logging by the one or more physical nodes, in an activity log associated with at least the first organization or the second organization, the user's first request for authorization for the user in the first organization to access the one or more individual's information in the second organization;
(c) determining by the one or more physical nodes whether the one or more individual's information in the second organization is accessible based on the one or more of the one or more individual's name, social security number, state identification number, birth date, and medicaid number;
(d) responsive to determining that the individual's information in the second organization is accessible based on the one or more of the one or more individual's name, social security number, state identification number, birth date, and medicaid number;
(d)(i) determining by the one or more physical nodes whether the user in the first organization is authorized to access the one or more individual's information in the second organization, wherein the determination is based on at least the access profile, the one or more caseloads and one or more roles associated with the user, and the type of the individual's information in the second organization;
(d)(ii) responsive to determining that the user in the first organization is authorized to access the one or more individual's information in the second organization;
(d)(ii)(A) transferring by the one or more physical nodes the one or more individual's information in the second organization to the user;
(d)(ii)(B) logging by the one or more physical nodes, in the activity log, the transferring of the one or more individual's information in the second organization to the user.
View Dependent Claims (75)
76. A non-transitory computer-readable storage media having computer executable code stored thereon, the code for sharing information among at least a first organization and a second organization, the code, when executed:
(a) receives a first request for authorization for a user in the first organization to access one or more individual's information in the second organization, wherein the first request for authorization includes one or more of the one or more individual's name, social security number, state identification number, birth date, home address, and medicaid number, the first organization is associated with a first security domain, the second organization is associated with a second security domain, the second organization has an access profile associated with the first security domain, the user in the first organization is associated with one or more roles and one or more caseloads, and each of the one or more individual's information in the second organization has at least one type, the one or more roles includes access privilege information for one or more users, and the one or more caseloads includes access privilege information for at least one individual or medical services program;
(b) logs, in an activity log associated with at least the first organization or the second organization, the user's first request for authorization for the user in the first organization to access the one or more individual's information in the second organization;
(c) determines whether the one or more individual's information in the second organization is accessible based on at least the access profile, the one or more of the one or more individual's name, social security number, state identification number, birth date, and medicaid number;
(d) responsive to determining that the individual's information in the second organization is accessible based on the one or more of the one or more individual's name, social security number, state identification number, birth date, and medicaid number;
(d)(i) determines whether the user in the first organization is authorized to access the one or more individual's information in the second organization, wherein the determination is based at least the access profile, on the one or more caseloads and one or more roles associated with the user, and the type of the individual's information in the second organization;
(d)(ii) responsive to determining that the user in the first organization is authorized to access the one or more individual's information in the second organization;
(d)(ii)(A) transfers the one or more individual's information in the second organization to the user;
(d)(ii)(B) logs, in the activity log, the transferring of the one or more individual's information in the second organization to the user.
77. A system accessible by a user, wherein when the user accesses the system, the system:
(a) receives a first request for authorization for a user in the first organization to access one or more individual's information in the second organization, wherein the first request for authorization includes one or more of the one or more individual's name, social security number, state identification number, birth date, home address, and medicaid number, the first organization is associated with a first security domain, the second organization is associated with a second security domain, the second organization has an access profile associated with the first security domain, the user in the first organization is associated with one or more roles and one or more caseloads, each of the one or more individual's information in the second organization has at least one type, the one or more roles includes access privilege information for one or more users, and the one or more caseloads includes access privilege information for at least one individual or medical services program;
(b) logs, in an activity log of a physical node, said activity log associated with at least the first organization or the second organization, the user's first request for authorization for the user in the first organization to access the one or more individual's information in the second organization;
(c) determines whether the one or more individual's information in the second organization is accessible based on the one or more of the one or more individual's name, social security number, state identification number, birth date, and medicaid number;
(d) responsive to determining that the individual's information in the second organization is accessible based on the one or more of the one or more individual's name, social security number, state identification number, birth date, and medicaid number;
(d)(i) determines whether the user in the first organization is authorized to access the one or more individual's information in the second organization, wherein the determination is based on at least the access profile, the one or more caseloads and one or more roles associated with the user, and the type of the individual's information in the second organization;
(d)(ii)(A) transfers the one or more individual's information in the second organization to the user;
(d)(ii)(B) logs, in the activity log of said physical node, the transferring of the one or more individual's information in the second organization to the user.
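The decision flow recited in claim 1 (log the request, decide from access profile, roles, caseloads and information type, then transfer and log the transfer) can be sketched as follows. This is an added example, not code from the patent or its assignee; the class names, the policy tables `ACCESS_PROFILES` and `ROLE_TYPES`, the sample organizations and the logging of denials are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    user_id: str
    org: str               # requesting organization (first security domain)
    roles: frozenset       # role names held by the user
    caseloads: frozenset   # individual ids or program names assigned to the user

@dataclass(frozen=True)
class Record:
    individual_id: str
    owner_org: str         # organization holding the record (second security domain)
    program: str
    info_type: str
    body: str

# Constructed sample policy (assumed shape, not taken from the patent).
# Access profile: information types the owning org shares with a requesting org.
ACCESS_PROFILES = {("org-b", "org-a"): {"allergies", "medications"}}
# Role privileges: information types each role may read.
ROLE_TYPES = {"nurse": {"allergies", "medications"}, "billing": {"insurance"}}

def authorize(user, rec):
    """Default deny: profile, role and caseload must each allow this record type."""
    if rec.info_type not in ACCESS_PROFILES.get((rec.owner_org, user.org), set()):
        return False, "access_profile"
    if not any(rec.info_type in ROLE_TYPES.get(r, set()) for r in user.roles):
        return False, "role"
    if not ({rec.individual_id, rec.program} & user.caseloads):
        return False, "caseload"
    return True, "ok"

def request_access(user, rec, log):
    """Steps (a)-(d): log the request, decide, then transfer and log the transfer."""
    who = (user.user_id, user.org, rec.owner_org, rec.individual_id, rec.info_type)
    log.append(("request",) + who)            # (b) logged before any decision is made
    allowed, reason = authorize(user, rec)    # (c)
    if not allowed:
        # Recording denials is an addition here; the claims only recite logging
        # the request and the transfer.
        log.append(("deny", reason) + who)
        return None
    log.append(("transfer",) + who)           # (d)(ii) written before data is released
    return rec.body                           # (d)(i)

if __name__ == "__main__":
    audit = []
    nurse = User("u1", "org-a", frozenset({"nurse"}), frozenset({"ind-1"}))
    rec = Record("ind-1", "org-b", "day-program", "allergies", "penicillin")
    print(request_access(nurse, rec, audit), audit)
```

Because the request entry is appended before `authorize` runs, the activity log also captures attempts that are later refused, which is what makes it usable for detecting cross-domain probing.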
Specification